My WAF Firewall rule is blocking my requests from GitHub Actions. How to fix it?

Hello! I have a main domain with subdomains as CNAMEs, and I set up a Cloudflare WAF rule that blocks ASNs from different companies (Amazon, Microsoft, etc.) to prevent attacks from VPS:

(ip.geoip.asnum eq 14618) or (ip.geoip.asnum eq 8075) or (ip.geoip.asnum eq 16276) or (ip.geoip.asnum eq 16509) or (ip.geoip.asnum eq 14061) or (ip.geoip.asnum eq 62567) or (ip.geoip.asnum eq 51167) or (ip.geoip.asnum eq 56617) or (ip.geoip.asnum eq 6188) or (ip.geoip.asnum eq 40819)

The problem is that when I run an Action on my GitHub repository (it makes 3 “GET” requests), Cloudflare denies it access to my API URL (due to the rule I already mentioned, because GitHub uses Microsoft services).
I need to get an HTTP 200 code in response from my API URL, but since it is blocking the request, I only get an HTTP 403 code (which Cloudflare shows as access denied, error 1020).

I tried to create another WAF rule with the bypass action to specific URLs of my site.
Example:
(http.request.full_uri eq "https://example.com?api=secretID" or http.request.full_uri eq "https://sub1.example.com?api=secretID1" or http.request.full_uri eq "https://sub2.example.com?api=secretID2" or http.request.full_uri eq "https://sub3.example.com?api=secretID3")

But it didn’t work. So the Bypass is done, but seconds later the first rule blocks the request again :confused:

I don’t want to disable the main rule because it puts my site at risk. As you can see I have more than 900 attacks per day:

Thanks in advance. :ringer_planet:

Can you show the “bypassing” rule?

Of course, here it is:

Okay, in this case you are not letting the request pass the firewall rules, only UA blocking, BIC, hotlink protection, etc.

In your case you want the action to be Allow; that way, requests that match your filter will not trigger the rest of the firewall rules.

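The difference between the two actions described in the answer above, as an added example that is not part of the original thread and is not Cloudflare code. It is a simplified model that assumes the rules run in the listed order with the exemption rule first; the rule names `api-exempt` and `asn-block` and the sample requests are hypothetical.

```python
# Simplified model of the rule actions discussed in this thread (not Cloudflare code).
BLOCKED_ASNS = {14618, 8075, 16276, 16509, 14061, 62567, 51167, 56617, 6188, 40819}
API_URIS = {
    "https://example.com?api=secretID",
    "https://sub1.example.com?api=secretID1",
}
# Features the reply says "bypass" skips; firewall rules are not among them.
BYPASSABLE = {"ua_blocking", "bic", "hotlink_protection"}


def is_api_call(req):
    return req["full_uri"] in API_URIS


def from_blocked_asn(req):
    return req["asn"] in BLOCKED_ASNS


def evaluate(rules, req):
    """Return (http_status, skipped_features, trace) for one request."""
    skipped, trace = set(), []
    for name, action, matches in rules:
        if not matches(req):
            continue
        trace.append(f"{name}:{action}")
        if action == "allow":      # terminating: remaining rules never run
            return 200, skipped, trace
        if action == "block":      # terminating: error 1020 / HTTP 403
            return 403, skipped, trace
        if action == "bypass":     # non-terminating: only disables features
            skipped |= BYPASSABLE
    return 200, skipped, trace


def ruleset(exempt_action):
    # Hypothetical two-rule setup: the exemption first, then the ASN block.
    return [
        ("api-exempt", exempt_action, is_api_call),
        ("asn-block", "block", from_blocked_asn),
    ]


# Constructed sample requests: a GitHub Actions runner on a Microsoft ASN,
# and an unrelated request from the same ASN to a non-API URL.
runner = {"asn": 8075, "full_uri": "https://example.com?api=secretID"}
other = {"asn": 8075, "full_uri": "https://example.com/login"}

if __name__ == "__main__":
    for action in ("bypass", "allow"):
        print(action, evaluate(ruleset(action), runner))
    print("other", evaluate(ruleset("allow"), other))
```

With Allow, only the listed API URIs are exempted; any other request from the blocked ASNs still ends in the 403.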

Thank you so much, friend! You were right, I changed bypass to Allow and now everything works correctly. :handshake:
